Common Event Format (CEF)

CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension

• signature id: a integer or string that is a unique identifier for the event
• severity: integer value 0-10
• extension: any number of key-value pairs in the form of key=value separated by spaces.

CEF:0|Red Hat|RHEL|8.0.0|100|SSH login|5